Version – December 2023

What are personal data?

“Personal data” (hereinafter “PD”) means any information that concerns you and allows for your direct or indirect identification. This includes, for example, your identifier, name, gender, date of birth, postal address, or email.

Indeed, to ensure the optimal use of our services, including personalized services, you provide certain PD. The submission of some data is even essential to obtain certain services (for example, purchasing tickets). This may also include usage data collected automatically during your connections to our website, stored through tracking processes such as cookies.

Our commitment

The Boghossian Foundation (hereinafter “FB”), a private foundation, is responsible for the multidisciplinary programming of educational, cultural, and artistic events. We attach great importance to respecting and protecting your PD, which we process in the execution of our public mission and services.

We commit to treating your PD fairly, lawfully, and transparently, as required by the Law of July 30, 2018, on the protection of individuals concerning the processing of personal data (hereinafter “the Law”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”).

This Charter reflects our desire to act with transparency and enhance your user experience.

Who are we?

We act as the data controller (“DC”) for our productions, joint controller for our co-productions, and as a new DC for events organized by external organizers and/or venue renters.

DC Contact Information

Boghossian Foundation – Villa Empain
Private Foundation
VAT BE 888.046.579
Avenue Franklin Roosevelt, 67
1050 Brussels

Data Protection Officer (DPO)

For any questions regarding your PD, you can contact our Data Protection Officer (DPO) at the following address:

What categories of PD do we process?

Your identification data

Such as your name, surname, postal address, phone numbers, email addresses, ID card, photo, captured images,…

Date of birth

We are legally obligated to obtain parental consent for those under 13, and this data is also necessary for age verification for certain events and the application of preferential rates.

Navigation data

Such as IP address, date and time of access, the type of domain with which you connect to the Internet, your preferences,…

Location data or other communication-related data

Professional data, on studies, and education

Title/position, employer’s name, curriculum vitae (especially for internships or job applications).

Sensitive data

Generally, we do not process data such as your sexual orientation, religious or political beliefs, or data related to your health or ethnic origin.

Payment and billing data

These data are retained to process orders and comply with our legal accounting obligations.

What are our sources?

You are our main direct source for collecting PD when you subscribe to a newsletter or purchase tickets, for example. We expect you to provide us with correct and up-to-date PD. Some of your PD, such as the pages you have visited, date and time of your access to our site, are automatically collected through the servers you access and the cookies placed on our site.

For information on the concept of “cookie,” its usage, and the exact data it collects, please refer to our cookie policy page.

We may also receive your PD from our partners, venue renters, or third parties. This is only possible if you have given explicit consent, which you can withdraw at any time.

What do we do with your personal data?

Purchase of tickets or registration for a free event or booking a guided tour

We mainly collect your PD to establish, implement, and manage the contractual relationship surrounding your ticket order (e.g., managing your reservation and keeping you informed about the event for which you purchased tickets).

Access management

We may ask for your ID when you arrive at the reception to verify your date of birth. This ensures that the correct rate was applied when purchasing your ticket.

Newsletter subscription

We collect your PD when you subscribe to our newsletter.

Market research

On a voluntary basis, customer satisfaction surveys or market studies may be conducted. You can naturally choose not to participate.

Direct marketing

The data is also used for direct marketing purposes for similar events in the FB’s offerings. You can oppose this direct marketing at any time and request removal from the list. At the bottom of each email, you will find the option to unsubscribe.


The FB combines the data you provided and the use of the site to provide you with an optimal browsing experience and to inform you by email of a tailored offer.

Video recording

Some of our concerts or events may be recorded and broadcast later. On such occasions, you may be filmed.

Verification of the legality of operations

PD may be processed to prevent or detect offenses, such as the illegal resale of tickets, violation of intellectual property rights, electronic payment fraud, or other offenses.

Processing of a job application

If you apply for a position within the FB, your PD is retained to fulfil the application procedure.

Complaint or lost items

Your PD may be used to respond to the complaint you have submitted and, if applicable, to compensate you. If your complaint concerns an event organized by an external organizer, we transfer it to them for processing. The same applies when you lose one of your personal belongings during a visit to the FB.

Improvement of our services

Your PD allows us to optimize our services (e.g., adapt and improve the content or navigation on our website), enhance the effectiveness of our marketing or advertising campaigns, and conduct statistics.

Any other purpose necessarily requires your explicit prior consent, especially for third-party advertising actions or sending a new newsletter that you have not yet subscribed to.

Who processes your PD?

In line with the minimization principle, only authorized members of the FB staff have access to your PD.

Our subcontractors and external service providers

To perform certain tasks and ensure our services, we use the services of external providers. This may include our ticketing system. We require our subcontractors to provide the same level of protection as ours and not to use your PD for purposes other than those specified by us. They must also have appropriate security measures to prevent unauthorized or illegal processing of your PD and against accidental loss, destruction, or deterioration of your PD. This is contractually guaranteed, and they are only authorized to process your PD for the authorized purpose, with the required discretion and security.

With whom do we share your PD?

With public authorities

Your PD may also be disclosed in accordance with a law, regulation, or decision of a competent regulatory or judicial authority.

What security measures for your PD?

We are committed to taking all necessary measures to protect your PD in accordance with the law and state-of-the-art technology. We have implemented appropriate technical and organizational measures to safeguard your PD, designed to provide a level of security appropriate to the risks posed by the processing of your PD.

Our IT infrastructure is protected by various technical means, including security services using firewalls and email filtering systems. Multiple devices have been implemented to ensure the backup of information. Additionally, data exchanges between different interfaces are encrypted, ensuring their protection. Your transactions are also secured through encryption devices.

To minimize the risk of unauthorized access or modifications to the data, FB staff members, partners, or subcontractors process your PD strictly according to this Charter. However, it is important to note that we cannot guarantee the security of your PD during its transmission over the Internet.

We draw your attention to the specific risks associated with the peculiarities of the Internet and networks, as well as the fact that information related to your PD may be intercepted and/or transferred without your knowledge, especially to countries that do not provide an adequate level of protection.

How long do we retain your PD?

FB retains your data only for the duration necessary for the purposes described above and to comply with legal retention obligations. You can, however, request the deletion of your data at any time through your user account, and your data will be promptly deleted.

To effectively manage our storage space and adhere to data protection best practices, we have begun purging emails dated before 2019. We plan to retain only emails from the last two complete years. Login information for our platform is retained for security reasons; however, we regularly perform manual deletions of this data. Generally, we only retain login information for the last three months.

It is important to note that this deletion policy does not apply to refund-related information. Details related to refunds, such as your name, surname, email address, and banking details, are permanently retained for financial tracking and compliance with applicable regulations.

PD of your children?

As parents, you are encouraged to monitor the use of your child(ren)’s PD and their access to FB’s online/offline services. On the web, the majority age is set at 13, and minors under 13 declare and acknowledge having obtained prior authorization from their parents or the person holding parental authority.

What are your rights?

You have the right of access, the right to rectification (in case of inaccurate data), and the right to deletion of your registration data. You have the right to object, citing serious and legitimate reasons, to any processing of your registration data. You also have the right to oppose at any time the use of your PD for direct marketing purposes.

You can exercise your request for access, modification, deletion, or objection with our Data Protection Officer (DPO) by sending a specific request via email to The DPO will assess the validity of your request and determine the possibility of responding within the best timeframe, in any case, within one month of receiving the request. If needed, this period may be extended by two months, considering the complexity and number of requests. Furthermore, following your request, FB may need to verify your identity to prevent abuse or identity theft. This verification may require the transmission of additional data, such as a copy of your ID.

You can also oppose the recording of your usage data by configuring your browser.

Remedies available and competent supervisory authority

If you contest a decision by the DPO, or for any other complaint regarding the processing of your PD, you can file a complaint free of charge with the supervisory authority:

Rue de la Presse, 35, 1000 Brussels
Phone: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35